Privacy Policy

Privacy Policy

Accepted on: 06/03/2023

Data Controller

Name: Ebringa ZRt.

Registered office: 8000 Székesfehérvár, Palotai út 8/B. 4/1.

Postal address, complaints: 8000 Székesfehérvár, Palotai út 8/B. 4/1.

E-mail: info@ebikeshop.hu

Phone: +36 1 3274642

Website: http://www.ebikeshop.eu

Hosting provider

Name: Site 5 hosting provider

Postal address: 2500 Ridgepoint Dr Ste 105C, Austin, TX, 78754-5250, United States

E-mail address: info@site5.com

Phone number: (888) 748-3526

Description of data processing while operating the webshop

This document contains all relevant information on data management in connection with the operation of the webshop in accordance with General Data Protection Regulation (EU) 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Privacy Act.).

Information on the use of cookies

What are cookies?

The Data Controller uses so-called cookies when you visit the website. A cookie is a set of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.

Some of the cookies do not contain any personal information and cannot be used to identify an individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thereby enabling your identification. The duration of each cookie is described in the relevant description of each cookie.

Legal background of and legal basis for cookies:

The legal basis for processing is your consent pursuant to Article 6(1)(a) of the Regulation.

Main features of the cookies used by the website:

Google AdWords cookie When visiting our site, the visitor’s cookie ID is added to our remarketing list. Google uses cookies – such as NID and SID cookies – to personalise the ads you see in Google products, such as Google Search. Such cookies are used, for example, to remember your recent searches, your previous interactions with certain advertisers’ ads or search results, and your visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on the user’s computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant to a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and app owners get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and compile reports on website usage statistics without individually identifying visitors to Google. The main cookie used by Google Analytics is the “ ga” cookie. In addition to the reports generated from website usage statistics, Google Analytics – along with some of the advertising cookies described above – can also be used to display more relevant ads in Google products (such as Google Search) and across the web.

Remarketing cookies: They may appear to previous visitors or users when browsing other sites on the Google Display Network or searching for terms related to its products or services.

Strictly necessary cookies: These cookies are essential for the use of the website and allow the use of its basic functions. Without them, many features of the site will not be available to you. List of cookies and their expiration: mcms_session (session), ebkcsrfc (2 hours), ebkfilterstate (1 year), collection_hash (1 year), ebkcookieconsent (1 year)

Facebook pixel (Facebook cookie) Facebook pixel is a code that allows the website to report conversions, create target audiences and provide the site owner with detailed analytics about how visitors use the site. Facebook pixel allows the user to display personalised offers and ads to their website visitors on Facebook. You can review the Facebook Privacy Policy here: https://www.facebook.com/policies/cookies/

Livechat cookie The Livechat cookie is used to operate our webshop chat assistance service and to track visitors throughout our webshop. Expiration is 3 years.

If you do not accept the use of cookies, certain features will not be available to you. You can find more information about deleting cookies by following the links below:

Data processed for the conclusion and performance of contracts

In order to conclude and perform a contract, several data processing operations may take place. Please note that data processing related to complaint handling and warranty management will only take place if you exercise one of the rights mentioned here.

If you do not make a purchase through the webshop, and are only visiting it, data processing for marketing purposes may apply to you if you provide us with your relevant consent.

More details on the data processed for the conclusion and performance of contracts:

Contacting us

For example, if you contact us by e-mail, via contact form or phone with a question about a product. Contacting us in advance is not obligatory, you can still order from the webshop at any time.

Data processed

Our website collects data on the following pages:

Recording telephone conversations with customer service:

If you contact our customer service by telephone or, with your consent, our customer service contacts you by telephone, we will record the telephone conversation, which we will always bring to your attention in advance. This form of data processing – the recording of conversations – is for quality assurance purposes, so that if any customer has a complaint about our telephone customer service, we can deal with it appropriately and reconstruct what was said. In addition, this data processing is also a means of preventing possible abuse, as customers may inquire about their ongoing orders and even their own personal data, and the audio recording provides sufficient protection against as well as prevents possible unauthorised access. In the course of further data processing, the Data Controller processes the data of the data subjects for several other purposes, and in the course of the present data processing, the only additional personal data processed is the voice of the data subject, for example, in comparison to the data processed in the course of contacting.

Data processed:

In addition to the data processed in the course of contacting you, the Data Controller primarily processes your voice as personal data and, as the case may be, any additional personal data you may provide during the conversation.

Duration of data processing:

The data will be processed for 1 year according to the civil law limitation period.

Legal basis for data processing:

Your voluntary consent, which you provide to the Data Controller after you have been informed, by staying on the line and continuing the conversation [processing according to Article 6(1)(a) of the Regulation]. If you do not wish to consent to voice recording, you can use our other customer service interfaces (chat, e-mail, etc.) to deal with your issues with the same efficiency and speed.

Duration of data processing

The data will only be processed until the purchase process is concluded.

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller by establishing contact [data processing according to Article 6(1)(a) of the Regulation].

Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the user does not have to re-enter the data when making a new purchase). Registration is not a condition for the conclusion of a contract

Data processed

The Data Controller processes your name, address, telephone number, e-mail address, password, the characteristics of the product purchased and the date of purchase, as well as the billing and delivery address.

Duration of data processing

Until your consent is withdrawn.

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller with your registration [data processing according to Article 6(1)(a) of the Regulation].

Processing of orders

When processing orders, data processing activities are required to perform the contract.

Data processed

The Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase, as well as the billing and delivery address.

If you have placed an order in the webshop, both the processing and the provision of the data are required to perform the contract.

Duration of data processing

The data will be processed for 5 years according to the civil law limitation period.

Legal basis for data processing

Performance of a contract. [Data processing according to Article 6(1)(b) of the Regulation]

Invoicing

Data processing is carried out in order to issue invoices in compliance with the law and to fulfil the obligation to keep accounting records. Pursuant to Paragraphs (1) and (2) of Article 169 of the Act on Accounting, companies must keep accounting documents that directly and indirectly support their accounting practices.

Data processed

The Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase, as well as the billing and delivery address.

Duration of data processing

Pursuant to Paragraph (2) of Article 169 of the Act on Accounting, invoices must be kept for 8 years from the date of issue.

Legal basis for data processing

Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, issuing an invoice is mandatory, which must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [data processing pursuant to Article 6(1)(c) of the Regulation].

Data processing related to the transport of goods

Data processing is carried out in order to deliver the ordered product.

Data processed

The Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase, as well as the billing and delivery address.

Duration of data processing

The Data Controller processes the data for the duration of the delivery of the ordered goods.

Legal basis for data processing

Performance of a contract [data processing according to Article 6(1)(b) of the Regulation].

Recipients and processors of data related to the transport of goods

Recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Recipient’s registered seat: 2351 Alsónémedi, GLS Európa u. 2.

Recipient’s phone number: 06-29-88-67-00

Recipient’s e-mail address: info@gls-hungary.com

Recipient’s website: https://gls-group.eu/HU/hu/home

On the basis of the contract with the Data Controller, the delivery service contributes to the delivery of ordered products. The courier service will process the personal data received in accordance with the privacy policy available on its website.

Recipient: 24h Parcel Zrt

Recipient’s registered seat: 1106 Budapest, Fehér út 10.

Recipient’s phone number: +36 20 2242424

Recipient’s e-mail address: 24hfutar@24hfutar.hu

Recipient’s website: www.24hfutar.hu

On the basis of the contract with the Data Controller, the delivery service contributes to the delivery of ordered products. The courier service will process the personal data received in accordance with the privacy policy available on its website.

Handling of guarantee and warranty claims

When dealing with guarantee and warranty claims, we must proceed according to the rules of Decree 19/2014 (IV. 29.) by the Ministry for National Economy, which also specifies how your claim needs to be handled.

Data processed

When dealing with guarantee and warranty claims, we must proceed according to the rules of Decree 19/2014 (IV. 29.) by the Ministry for National Economy.

In accord with the Decree, we are required to keep a record of any guarantee and warranty claim that you make to us, processing the following data:

  1. a) your name, address and a declaration that you consent to the processing of your data recorded in the minutes as specified in the Decree,
  2. b) the name and purchase price of the movable property sold under the contract between you and us,
  3. c) the date of performance of the contract,
  4. d) the date of reporting the fault,
  5. e) the description of the fault,
  6. f) the right you wish to exercise under a guarantee and warranty; and
  7. g) how the guarantee and warranty claim is to be settled or the justification for rejecting the claim or the right to enforce it.

If we take back the product you purchased, we have to issue an acknowledgement of receipt, stating the following:

  1. your name and address,
  2. the data needed to identify the item,
  3. the date of receipt of the item, and
  4. the date when you can pick up the repaired item.

Duration of data processing

The business has to keep the record of the consumer’s guarantee and warranty claim for three years from the date of its recording, and present it at the request of the supervisory authority.

Legal basis for data processing

The legal basis for data processing is compliance with the legal obligations pursuant to Regulation 19/2014 (IV. 29.) by the Ministry for National Economy [Article 4(1) and Article 6(1)] [data processing pursuant to Article 6(1)(c) of the Regulation].

Data processed in relation to the verifiability of consent

When registering, ordering, subscribing to newsletters, the IT system stores the IT data related to the consent for later verification.

Data processed

The date of consent and the IP address of the data subject.

Duration of data processing

Due to legal requirements, consent must be verifiable at a later date; therefore, the period of data retention will be stored for the limitation period following the cessation of data processing.

Legal basis for data processing

Article 7(1) of the Regulation imposes this obligation. [Data processing according to Article 6(1)(c) of the Regulation]

Data processing for marketing purposes

Data processing relating to the sending of newsletters

Data processing is carried out in order to deliver newsletters.

Data processed

Name, address, e-mail address, telephone number.

Duration of data processing

Until the data subject’s consent is withdrawn.

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller when subscribing to the newsletter [data processing according to Article 6(1)(a) of the Regulation].

Data processing relating to the sending and display of personalised ads

Data processing is carried out in order to send advertising content that is relevant to the interests of the data subject.

Data processed

Name, address, e-mail address, telephone number.

Duration of data processing

Until your consent is withdrawn.

Legal basis for data processing

Your voluntary and specific consent, which you provide to the Data Controller at the time of data collection [data processing according to Article 6(1)(a) of the Regulation].

Remarketing

Data processing as a remarketing activity is carried out using cookies.

Data processed

Data processed by cookies as defined in the cookies notice.

Duration of data processing

The retention period of a cookie; more information available here:

Google general cookies notice:

https://www.google.com/policies/technologies/types/

Google Analytics notice:

https://developers.google.com/analytics/devguides/collection/analvticsjs/cookie-usage?hl=hu

Facebook notice:

https://www.facebook.com/ads/preferences/?entrv product=ad settings screen

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller by using the website [data processing according to Article 6(1)(a) of the Regulation].

Sweepstakes

Data processing is carried out in order to perform the sweepstakes.

Data processed

Name, e-mail address, phone number.

Duration of data processing

The data will be deleted after the end of the sweepstakes, except for the winner’s data, which the Data Controller is obliged to keep for 8 years in accord with the Act on Accounting.

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller by using the website [data processing according to Article 6(1)(a) of the Regulation].

Additional data processing

If the Data Controller intends to carry out additional data processing, it shall provide prior information about its relevant circumstances (legal background and legal basis, as well as purpose of the data processing, scope of the data processed, duration of the data processing).

Recipients of personal data

Data processing for the storage of personal data

Data processor’s name: Site 5 hosting provider

Data processor’s contact details:

Phone number: (888) 748-3526

E-mail address: info@site5.com

Registered office: 2500 Ridgepoint Dr Ste 105C, Austin, TX, 78754-5250, United States

Website: www.site5.com

On the basis of the contract with the Data Controller, the Data Processor stores personal data. The Data Processor is not entitled to access the personal data.

Data processing activity related to sending newsletters

Name of the company operating the newsletter delivery system: Maileon

Registered seat of the company operating the newsletter delivery system: 1112 Budapest, Budaörsi út 153.

Phone number of the company operating the newsletter delivery system: +36 1 248 0678

E-mail address of the company operating the newsletter delivery system: info@maileon.hu

Website of the company operating the newsletter delivery system: https://maileon.hu/

On the basis of the contract with the Data Controller, the Data Processor contributes to the sending of newsletters. In doing so, the Data Processor will process the name and e-mail address of the data subject to the extent necessary for the purposes of sending newsletters.

Data processing related to invoicing

Data processor’s name: Diamond Studió Kft.

Data processor’s registered seat: 8000 Székesfehérvár, Tolnai utca 32. Fszt. 1.

Data processor’s phone number: +36-22/349-454

Data processor’s e-mail address: info@diamondstudio.hu

Data processor’s website: www.diamondstudio.hu

On the basis of the contract with the Data Controller, the Data Processor contributes to the keeping of accounting records. In doing so, the Data Processor will process the name and address of the data subject to the extent necessary for accounting records, for the period of time pursuant to Section 169(2) of the Act on Accounting, after which it shall delete the data.

Data processing related to the operation of the CRM system

Data processor’s name: Bitrix24

Data processor’s registered seat: Poseidonos, 1 Ledra Business Center Egkomi 2406 Nicosia Cyprus

Data processor’s phone number:

Data processor’s e-mail address: info@bitrix24.eu

Data processor’s website: www.bitrix24.eu

On the basis of the contract with the Data Controller, the Data Processor contributes to the registration of orders. In doing so, the Data Processor will process the name, address, telephone number of and the quantity and dates of orders by the data subject within the limitation period of civil law.

Additional data processing

Data processing related to operating the webshop chat

Data processor’s name: Profit Solutions Kft.

Data processor’s registered seat: 2093 Budajenő, Pacsirta utca 20.

Data processor’s e-mail address: info@smartsupp.com

On the basis of the contract with the Data Controller, the Data Processor contributes to the operation of the chat service for customers, tracks the websites viewed, and may request e-mail addresses and telephone numbers. In doing so, the Data Processor will process the name, e-mail address, telephone number of and the list of websites visited by the data subject within the limitation period of civil law.

Your rights during data processing

During the period of data processing, you have the following rights according to the Regulation:

  • the right to withdraw consent
  • access to personal data and information on data processing
  • right to rectification
  • limitation of data processing,
  • right to erasure
  • right to objection
  • right to data portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller will need to communicate with you. Therefore, for identification purposes, you will be required to provide personal data (but identification will only be based on data that the Data Controller already processes about you), and your complaints about the processing will be available on the Data Controller’s email account for the period of time specified in this notice regarding complaints. If you are a former customer and would like to be identified for complaint or warranty purposes, please provide your order ID for identification purposes. We can use this to identify you as a customer.

The Data Controller shall respond to complaints concerning data processing within 30 days at the latest.

The right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the data provided will be deleted from our systems. However, please note that withdrawing your consent in the case of an outstanding order may result in our inability to perform the delivery. In addition, if a purchase has already been made, we cannot delete billing data from our systems in accord with accounting rules; and if you have a debt to us, we may process your data during the recovery of the debt on the basis of legitimate interest even if you withdraw your consent.

Access to your personal data

You have the right to receive feedback from the Data Controller as to whether or not your personal data is being processed, and if it is, you have the right to:

  • receive access to the personal data processed, and
  • be informed by the Data Controller of the following:
    • the objectives of data processing;
    • the categories of your personal data processed;
    • information about the recipients or categories of recipients to whom or which the personal data have been or will be disclosed by the Data Controller;
    • the envisaged period of storage of the personal data or, where this is not possible, the criteria for determining that period;
    • your right to request from the Data Controller the rectification, erasure or restriction of the processing of personal data concerning you and, in the case of data processing based on legitimate interest, to object to the processing of such personal data;
    • the right to lodge a complaint with a supervisory authority;
    • if the data was not collected from you, any available information about its source;
    • the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you with regard to such data processing.

The purpose of exercising the right may be to ascertain and verify the lawfulness of the data processing, and the Data Controller may charge reasonable compensation for the provision of information in the event of repeated requests for information.

The Data Controller ensures access to your personal data by sending you the personal data and information processed via e-mail after you have identified yourself. If you are a registered user, we will provide access so that you can view and control the personal data we process about you by logging into your account.

Please indicate in your request whether you want access to your personal data or request information on data processing.

Right to rectification

You have the right to have inaccurate personal data relating to you rectified by the Data Controller without delay upon your request.

Right to limitation of data processing

You have the right to have the Data Controller restrict data processing at your request if any of the following conditions is met:

  • You contest the accuracy of the personal data, in which case the restriction applies for the period of time that allows the Data Controller to verify the accuracy of the personal data; if accuracy can be established immediately, no restriction will be imposed;
  • the data processing is unlawful, but you object to the deletion of the data for any reason (for example, because the data are important to you for the purposes of pursuing a legal claim), and you do not request the deletion of the data but instead request the restriction of their use;
  • the Data Controller no longer requires the personal data for the designated data processing purposes, but you require these data for the establishment, exercise or defence of legal claims; or
  • You have objected to data processing, but the Data Controller may also have a legitimate interest in data processing, in which case data processing must be restricted until it is established whether the legitimate grounds of the Data Controller prevail over your legitimate grounds.

If data processing is restricted, such personal data may be processed – with the exception of storage – only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for protecting the rights of another natural or legal person, or of an important public interest of the European Union or of a Member State.

The Data Controller will inform you in advance (at least 3 working days prior) about the lifting of the restriction.

Right to erasure – right to be forgotten

You have the right to have the Data Controller erase your personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;
  • You withdraw your consent and there is no other legal basis for data processing;
  • You object to data processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing,
  • the personal data were unlawfully processed by the Data Controller, which has been established on the basis of complaint,
  • the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Data Controller is subject.

If the Data Controller has disclosed personal data about you for any lawful reason and is obliged to delete it for any of the reasons set out above, it must take reasonable steps – including technical measures –, taking into account the available technology and the cost of implementation, to inform other data controllers that you have requested the deletion of the links to or the copies/duplicate copies of the personal data in question.

Erasure does not apply where data processing is necessary:

  • to exercise the right to freedom of expression and information;
  • to comply with an obligation under EU or Member State law that requires the data controller to process personal data (such as processing in the context of invoicing, where the storage of invoices is required by law) or to carry out a task in the public interest, or in the exercise of official authority assigned to the data controller;
  • for the establishment, exercise or defence of legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or if a consumer or data processing complaint is pending).

Right to objection

You have the right to object to the processing of your personal data based on legitimate interests at any time on grounds relating to your own particular situation. In this case, the Data Controller may no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, provided it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data can no longer be processed for such purposes.

Right to data portability

If data processing is automated or if it is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to them, which the Data Controller will make available to you in .xml, .JSON or .csv format, and if technically feasible, you may request that the Data Controller forward the data in said format to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated data processing (including profiling) that would have legal effects concerning you, or would affect you in a similarly significant manner. In such cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least their right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.

The above do not apply if the decision:

  • is necessary for the conclusion or performance of a contract between you and the Data Controller;
  • is permitted by EU or Member State law applicable to the Data Controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

Registration in the data protection register

Under the provisions of the Privacy Act, the Data Controller was required to report some of its data processing activities to the data protection register. This reporting obligation ceased on 25th May 2018.

NAIH number registered before 25th May 2018:

Data protection registration number: NAIH-88940/2015

Data security measures

The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage, as well as inaccessibility resulting from changes in the technology employed.

As far as organisational and technical feasibility allows, the Data Controller will make every effort to ensure that its Data Processors also take appropriate data security measures when working with your personal data.

Legal remedies

If you believe that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, you may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information to stop the alleged unlawful data processing (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400). We also inform you that you may bring a civil action against the Data Controller before a court in the event of a breach of the legal provisions on data processing or if the Data Controller has not complied with a request.

Amendments to the Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy in a way that does not affect the purpose and legal basis of the data processing. By using the website after the amendment comes into force, you accept the amended privacy policy.

If the Data Controller intends to carry out additional processing of the collected data for purposes other than those for which they were collected, the Data Controller will inform you in advance about the purposes of the data processing as well as the following:

  • the period of storage of the personal data or, where this is not possible, the criteria for determining this period;
  • your right to request from the Data Controller the rectification, erasure or restriction of the processing of personal data concerning you and, in the case of data processing based on legitimate interest, to object to the processing of such personal data; and, in the case of data processing based on consent or a contractual relationship, the right to data portability;
  • in the case of consent-based data processing, about the fact that you may withdraw your consent at any time,
  • the right to lodge a complaint with a supervisory authority;
  • whether the provisioning of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract; whether you are under obligation to provide the personal data, as well as the possible consequences of not providing the data;
  • the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you with regard to such data processing.

Data processing can only commence after this, if the legal basis for data processing is consent, and you must consent to the processing in addition to being informed.

Download PDF